A cyber-security workbook can help achieve good practice

2017-02-09 08:05:00

A common feature of cyber-security is its general lag behind cyber-threats. The Data Breach Incident Response Workbook, from AllClear ID, a cyber-security company, provides general guidance and assistance in developing security standards. It’s essential for Africa’s eHealth.

Health IT Security says it provides an outline and recommendations as a starting point for planning well-orchestrated responses to data compromises. The next step is engaging external stakeholders. An essential theme is ensuring plans are recorded and tested thoroughly to achieve effective financial and operational responses to cyber-attacks.

Its contents include:

  1. The cyber-threat world and operational and reputational damage
  2. Anatomy of a data breach
  3. Preparing for a data breach
  4. Building a strong internal response team
  5. Data breach checklist
  6. Data breach notifications
  7. The Incident Response Plan Guide.

Incident response teams shouldn’t be drawn only from ICT teams. They should draw members and appoint an incident lead from:

  1. Executive management
  2. ICT
  3. Customer and patient services
  4. Risk management and security
  5. Compliance and audit
  6. Legal
  7. Privacy
  8. Public relations.

The checklist should document everything that happens and is discovered. Prompt action is vital, so every action needs to fit into a timeline. Actions include:

  1. Implement the data breach incident response plan
  2. Specify the information needed for reporting summaries
  3. Identify the problem
  4. Start the incident reporting process
  5. If the data breach could harm a person or business, contact local police
  6. Create an incident summary report for executives
  7. Create a technical incident summary report.

The Incident Response Plan checklist is comprehensive. It includes important advice: “Continuously update the information in the contact lists and other documents – don’t get caught in an emergency with outdated information.” It’s obvious advice, but relying on outdated information is an elementary error to avoid.